Back to graphicsmagick PTS page

Accepted graphicsmagick 1.3.16-1.1+deb7u13 (source amd64 all) into oldoldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted graphicsmagick 1.3.16-1.1+deb7u13 (source amd64 all) into oldoldstable
From: Markus Koschany <apo@debian.org>
Date: Fri, 03 Nov 2017 19:50:23 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1eAhyx-0002m4-3j@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Nov 2017 19:52:34 +0100
Source: graphicsmagick
Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg
Architecture: source amd64 all
Version: 1.3.16-1.1+deb7u13
Distribution: wheezy-security
Urgency: high
Maintainer: Daniel Kobras <kobras@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 graphicsmagick - collection of image processing tools
 graphicsmagick-dbg - format-independent image processing - debugging symbols
 graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface
 graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface
 libgraphics-magick-perl - format-independent image processing - perl interface
 libgraphicsmagick++1-dev - format-independent image processing - C++ development files
 libgraphicsmagick++3 - format-independent image processing - C++ shared library
 libgraphicsmagick1-dev - format-independent image processing - C development files
 libgraphicsmagick3 - format-independent image processing - C shared library
Changes: 
 graphicsmagick (1.3.16-1.1+deb7u13) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-16352: Graphicsmagick was vulnerable to a heap-based buffer
     overflow vulnerability found in the "Display visual image directory"
     feature of the DescribeImage() function of the magick/describe.c file.
     One possible  way to trigger the vulnerability is to run the identify
     command on a specially crafted MIFF format file with the verbose flag.
   * Fix CVE-2017-16353: Graphicsmagick was vulnerable to a memory information
     disclosure vulnerability found in the DescribeImage function of the
     magick/describe.c file, because of a heap-based buffer over-read. The
     portion of the code containing the vulnerability is responsible for
     printing the IPTC Profile information contained in the image. This
     vulnerability can be triggered with a specially crafted MIFF file. There is
     an out-of-bounds buffer dereference because certain increments are never
     checked.
Checksums-Sha1: 
 97685057d8e8d191232a314f7e05030a9f227185 2837 graphicsmagick_1.3.16-1.1+deb7u13.dsc
 50fc2d21697d588c30ebfb2252e5cdeb72b4b7e6 203294 graphicsmagick_1.3.16-1.1+deb7u13.debian.tar.gz
 d9a55a76c2755ed6c7b3a248182c32017b25fc61 1033614 graphicsmagick_1.3.16-1.1+deb7u13_amd64.deb
 72a2ae164b8e3f38c0d5a3d5b47ee0226f42a744 1327820 libgraphicsmagick3_1.3.16-1.1+deb7u13_amd64.deb
 f5d66a399b646788b47b28fb172b215187c22b35 1824950 libgraphicsmagick1-dev_1.3.16-1.1+deb7u13_amd64.deb
 0893756ff5d2c1b0d5933a19bb465879429c6dd6 155596 libgraphicsmagick++3_1.3.16-1.1+deb7u13_amd64.deb
 e0bd3a380406213f31b53c7cc11a0196bef68a6d 407972 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u13_amd64.deb
 aac097116e3523c3a07335386b70c7bb9d24426b 84954 libgraphics-magick-perl_1.3.16-1.1+deb7u13_amd64.deb
 754c9208ace1fcd2fc1f112717c538c3df6d5adf 3272398 graphicsmagick-dbg_1.3.16-1.1+deb7u13_amd64.deb
 184e04a738b02047fce25a9d8fb3214eaa1698d1 19138 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u13_all.deb
 e083b5deb7066bb566b65db8d209c207cf225dcc 22682 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u13_all.deb
Checksums-Sha256: 
 61f7e06e372d59e56be3ce602121a4291f33a9ba1fb28f0e07efdf09d521c00d 2837 graphicsmagick_1.3.16-1.1+deb7u13.dsc
 7827bfb1f01d87910dc9938b5e72986a8e0aac509315e7041ef6eef7f96fb6d1 203294 graphicsmagick_1.3.16-1.1+deb7u13.debian.tar.gz
 e6c1d18ef9f0a232f9ee3afba4978d3287969f376b2925d5b8fceb1df6fab68a 1033614 graphicsmagick_1.3.16-1.1+deb7u13_amd64.deb
 c72d819e485e67f62be6285f6864e22b6f9f0a4b6a22843ff37e48068b88fc7f 1327820 libgraphicsmagick3_1.3.16-1.1+deb7u13_amd64.deb
 fc5cbf290262633c4d1549f1983f1a23b7c038c1e547174892ec418a4adf7933 1824950 libgraphicsmagick1-dev_1.3.16-1.1+deb7u13_amd64.deb
 c92f6ccdd8a007b4a3825f29f1426e32184541a1e6c26e2b4a30e3b08f7c33b7 155596 libgraphicsmagick++3_1.3.16-1.1+deb7u13_amd64.deb
 aa1974075169423ec1b13de7d38fca0c1b3499e9de05aebf5e010caade0960cf 407972 libgraphicsmagick++1-dev_1.3.16-1.1+deb7u13_amd64.deb
 7aab91c9ddfcbbeef64bf85548f3d590d93d4ccd8402fb261ec2d0d756830e10 84954 libgraphics-magick-perl_1.3.16-1.1+deb7u13_amd64.deb
 d95a7d3b740a1333ea8ea4e676483397172ba57d0d7df2d564f8b04f99b560ce 3272398 graphicsmagick-dbg_1.3.16-1.1+deb7u13_amd64.deb
 e8e2ad59b5146fb68b9946fa8053df1c2b4d1e7440937211818131ba090d2eff 19138 graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u13_all.deb
 028378cee9c6d35ccbbfecdd0fc80ea8ab902e7ac2ea8ad309f2f0e6de70a347 22682 graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u13_all.deb
Files: 
 61366cc93f32c646e5b14a3b8120c26a 2837 graphics optional graphicsmagick_1.3.16-1.1+deb7u13.dsc
 c73cd8ff973aff0d7254d6e6567100ce 203294 graphics optional graphicsmagick_1.3.16-1.1+deb7u13.debian.tar.gz
 05095beebbd0eeb6fbb92706b309e39b 1033614 graphics optional graphicsmagick_1.3.16-1.1+deb7u13_amd64.deb
 59aff88d24bb3e9ea86c08d8f9146a01 1327820 libs optional libgraphicsmagick3_1.3.16-1.1+deb7u13_amd64.deb
 542ed862b6a341d8498d38a7900c5887 1824950 libdevel optional libgraphicsmagick1-dev_1.3.16-1.1+deb7u13_amd64.deb
 905e29da70ef9c5abc7c3f46db080290 155596 libs optional libgraphicsmagick++3_1.3.16-1.1+deb7u13_amd64.deb
 ee787d8f0478db536333fc496bdac3a9 407972 libdevel optional libgraphicsmagick++1-dev_1.3.16-1.1+deb7u13_amd64.deb
 620a10d0214bb0424209890188ec9a9a 84954 perl optional libgraphics-magick-perl_1.3.16-1.1+deb7u13_amd64.deb
 3e6bc77b2e86b4529fb050b9dd715d36 3272398 debug extra graphicsmagick-dbg_1.3.16-1.1+deb7u13_amd64.deb
 53205ea172bf937e3cbec4d3a6bb4b0b 19138 graphics extra graphicsmagick-imagemagick-compat_1.3.16-1.1+deb7u13_all.deb
 b61fee764b46bf5b97b66005e86f6739 22682 graphics extra graphicsmagick-libmagick-dev-compat_1.3.16-1.1+deb7u13_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAln8xBZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkjK0P/RTX3MTdrA213fGs8cYdnyb05pjG2sQ6q/8W
rnnOf0O52qJFs1xeAUDl74t8U4hUbQBHE2Q+eVNHZZiH+tOHLhFN6qMEhcVP5XJ/
gByGTg1BEPn4e3wXT0Ebm6oQtJjJJBk3Kbp2APqGD22DnEn0qlSgRXXNDDii4Vua
T1VNUQHrkTXnkPQeqfddzs8OtrmyX2Ibs2Yyjh9qcOp8ntmUDLsvzMG6OQsaTlM4
E7bSR8/omddxdg90ouHtqmSQYJshS4TEJPJJ0DwzkM3fSOBNVCMtEg4QWB2XDYwD
tfPGmn46a+gb0xQbZaYrfbffbZ95mXFI3ZSDMLdbx1JKGUb7LIZZfcJnt7zPFcVQ
LGYt6dxzVY4v4mj2X+BZlQMEHk1KbB7fOVdjJPSLnQgBTq84225cMxDSnuNVY4fZ
AFq352muXk+INtNui07MHi43/zUOcglVJbh2gV87C8h3IlPMAmRKYoMzLNG0RQl1
PhqdBlV4g28E1IUqD2Usxbehu42D67ttSw3mOUvdnXqPALAzkm0V/d6WG7obXgcN
leqmWJwTMuRrEfUoflBK1V9jQl8yj6TVkAinF131weq1vKCuYmJtB9A1iYmnBpe2
ztCM+Q7uSS6BoPNK+B96bVWdZuwnAGwwXMvmcufmqGhAX8jyKgAoJCuJ5K+OIncQ
Z/inNPK4
=+n0A
-----END PGP SIGNATURE-----